Security researcher publishes 10 million passwords despite fear of FBI
This is the state of cybersecurity research now.
For whatever reason, people on the Internet still have trouble creating secure passwords. To better understand how and why people choose the passwords and usernames they do, one security researcher is releasing a massive trove of data in an effort to improve password security.
Mark Burnett released 10 million passwords on Monday. He collected the data from publicly available datasets leaked in the last decade by blackhat attackers. Burnett removed the identifying factors such as the domain portion of the email address.
He believes the combinations are “dead passwords,” meaning they are effectively useless to hackers or anyone trying to use them for fraudulent purposes.
Although Burnett collected and released this data exclusively for research purposes to better understand human behavior, he couched the release heavily, writing at length about why he shouldn’t be arrested by the FBI.
Burnett’s concerns stem from the aggressive prosecution of journalist Barrett Brown, who was charged with, among other things, sharing a link to data that included email addresses and credit card information. Brown’s arrest and prosecution led some journalists, activists, and security researchers to step down from their posts for fear of arrest based on similar charges.
Additionally, the Obama administration has proposed changes to the Computer Fraud and Abuse Act, which for now protects the release of data like the 10 million passwords Burnett posted this week, because the researcher released it without the intent to cause harm. If the changes are implemented, however, they could cause further problems for journalists and security researchers.
For now the laws are on my side because there has to be intent to commit or facilitate a crime. However, the White House has proposed some disturbing changes to the Computer Fraud and Abuse Act that will make things much worse. Of particular note is 18 U.S.C. § 1030(a)(6):
(6) knowingly and ~~with intent to defraud~~ willfully traffics (as defined in section 1029) in any password or similar information, or any other means of access, knowing or having reason to know that a protected computer would be accessed or damaged without authorization in a manner prohibited by this section as the result of such trafficking;
By removing “intent to defraud,” the government would make it much easier to prosecute people who share information like the passwords Burnett released, even when the data is shared for educational purposes.
For now, Burnett seems to be in the clear. One programmer has already made a Twitter bot to tweet out the combinations.
You shouldn’t be concerned whether your old username or password is on this list. Malicious attackers will be unable to do anything with it. But you should be concerned by the chilling effects placed on people like Burnett, in the wake of increased cybersecurity scrutiny and persecution.
For now, at least, researchers can better understand what makes us pick certain passwords thanks to this data—and try and make the Internet a little more secure.
Photo and illustration by Max Fleishman
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.